Custom Rules are not working

java
sonarqube
scanner

(Anurag) #1
  • versions used (SonarQube 7.6)
  • Description: I have deployed one custom rule in sonar and i have activated the same by creating one profile. I have imported one external issue and tried to analyze with one source code using scanner v3.3.0.1492. When i check the project issues in dashboard, external issues are working but the custom rule which i have deployed is not working.

May i know the reason why custom rule is not working along with external issues ?


(G Ann Campbell) #2

Hi,

We’re going to need detail on your rule before we can help you.

 
Ann


(Anurag) #3

Hi,

  • versions used (SonarQube 7.7)

My Custom Rule:- If the code consists of any “Http Session”, it will raise an issue with the error message.

Same rule is activated against a profile and when i run mvn sonar:sonar it is throwing the issue.

But, when i run the sonar-scanner, the custom rule which i have deployed into server is not working.


(G Ann Campbell) #4

Hi,

Again, a lot more detail is needed. For instance, are we talking about running these two different analysis commands against the same project or different projects?

 
Ann


(Anurag) #5

Same project.

Whatever I am going to mention below is for same project,

When I run the sonar-scanner, It should raise the issue for the custom rule which i have developed for Http Session and activated against one profile. But It doesn’t.

I am using below sonar-properties file,

sonar.host.url=http://localhost:9000
sonar.projectKey=abc123321
sonar.projectName=SpringSonarTest
sonar.projectVersion=1.0
sonar.sources=.
sonar.language=java
sonar.java.binaries=.
#sonar.inclusions=pom.xml,src/main/**
sonar.externalIssuesReportPaths=./report.json
sonar.issuesReport.json.enable=true
#sonar.showProfiling=true

When i run sonar-scanner, it should raise all issues (custom rules + external issues).

But the external issues which i have mentioned in report.json file is working but the custom rule which is already deployed and activated with one profile is not working.

Finally, when i analyse the project using sonar-scanner, i am getting only external issues in the dashboard.

What I need is to get both external issues as well as custom rules deployed into sonar server when I run the sonar-scanner.


(G Ann Campbell) #6

Hi,

Okay, first, you should verify that the same profile is used in both analyses. sonar.profile is dropped in 7.7, but you’re on 7.6 and it’s possible your pom sets a profile property. If you’ve got two different profiles in play, one with and one without your rule then the problem is obvious.

But let’s assume you’ve crossed that off the list, the next question is your parameters. When you run a Maven analysis, your source and binary properties are going to be set precisely, not to just .. I don’t see why that would make a difference, but try setting them precisely.

Also, sonar.language has been deprecated for literally years (and finally removed in 7.7). It’s really not gaining you anything here, so I’d eliminate that just to reduce confusion. Along those lines, I don’t recognize sonar.issuesReport.json.enable. Where do you see it documented? And also, since we’re debugging a custom Java rule, it’s not likely to be doing you any good. I’d drop it for at least this test.

And if stepping through all those things still doesn’t get you the desired result, then you’re going to need to share some source code from your rule because diagnosing why a rule doesn’t work without the source is a bit like gazing into a crystal ball. :slight_smile:

 
Ann


(Anurag) #7

Hi,

Thanks for the response.

I have changed my sonarQube version to 7.7 Below is my src file for custom rule

Rule Class:-

@Rule(key = "*******", name = "Avoid Session Usage in the code", description = "**********", priority = Priority.MAJOR, tags = {
		"bug" })
public class AvoidHttpSessionRule extends IssuableSubscriptionVisitor {

	@Override
	public List<Kind> nodesToVisit() {

		return ImmutableList.of(Tree.Kind.VARIABLE);
	}

	@Override
	public void visitNode(Tree tree) {

		VariableTree variableTree = (VariableTree) tree;

		if (variableTree.symbol().type().toString().equalsIgnoreCase("HttpSession"))

			reportIssue(tree, "Avoid Using HttpSession");
		
	}

}

I have activated the same rule by creating one profile name custom for the language Java and made it as default profile.

I have placed the sonar-properties file in the project directory. I have some external issues mentioned in the sonar.properties file with key and value as sonar.externalIssuesReportPaths=*/report.json .

After running the sonar-scanner in the project location, i can see my project was registered with sonar server. When i open the issues tab I can see only external issues displaying in the dashboard. I am not able to the custom rule issue in the dashboard